Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2019-10-16 CVE-2016-11014 Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
network
low complexity
netgear CWE-613
critical
9.8
2019-10-09 CVE-2019-17375 Insufficient Session Expiration vulnerability in Cpanel
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
network
low complexity
cpanel CWE-613
8.8
2019-09-27 CVE-2019-9269 Insufficient Session Expiration vulnerability in Google Android 10.0
In System Settings, there is a possible permissions bypass due to a cached Linux user ID.
local
low complexity
google CWE-613
7.3
2019-09-22 CVE-2018-21018 Insufficient Session Expiration vulnerability in Joinmastodon Mastodon
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
network
low complexity
joinmastodon CWE-613
critical
9.8
2019-09-18 CVE-2019-5531 Insufficient Session Expiration vulnerability in VMWare Esxi, Vcenter Server and Vsphere Esxi
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration.
network
low complexity
vmware CWE-613
5.4
2019-09-17 CVE-2019-14826 Insufficient Session Expiration vulnerability in multiple products
A flaw was found in FreeIPA versions 4.5.0 and later.
local
low complexity
freeipa redhat CWE-613
4.4
2019-09-09 CVE-2019-16133 Insufficient Session Expiration vulnerability in Weaver Eteams OA 4.0.34
An issue was discovered in eteams OA v4.0.34.
network
low complexity
weaver CWE-613
6.5
2019-08-06 CVE-2019-2386 Insufficient Session Expiration vulnerability in Mongodb
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.
network
high complexity
mongodb CWE-613
7.1
2019-07-01 CVE-2019-7280 Insufficient Session Expiration vulnerability in Primasystems Flexair 2.3.38
Prima Systems FlexAir, Versions 2.3.38 and prior.
network
low complexity
primasystems CWE-613
8.8
2019-06-12 CVE-2019-6584 Insufficient Session Expiration vulnerability in Siemens Logo!8 Firmware 1.80.00/1.81.00
A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02).
network
low complexity
siemens CWE-613
8.8